crypto: refactoring internals, add WebCrypto

Fixes: https://github.com/nodejs/node/issues/678
Refs: https://github.com/nodejs/node/issues/26854

Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: https://github.com/nodejs/node/pull/35093
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

1 files changed, 207 insertions, 0 deletions

diff --git a/test/parallel/test-webcrypto-export-import.js b/test/parallel/test-webcrypto-export-import.js
new file mode 100644
index 0000000000..bc37f0ea63
--- /dev/null
+++ b/test/parallel/test-webcrypto-export-import.js
@@ -0,0 +1,207 @@
+'use strict';
+
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const { subtle, getRandomValues } = require('crypto').webcrypto;
+
+{
+  const keyData = getRandomValues(new Uint8Array(32));
+  [1, null, undefined, {}, []].forEach((format) => {
+    assert.rejects(
+      subtle.importKey(format, keyData, {}, false, ['wrapKey']), {
+        code: 'ERR_INVALID_ARG_TYPE'
+      });
+  });
+  assert.rejects(
+    subtle.importKey('not valid', keyData, {}, false, ['wrapKey']), {
+      code: 'ERR_INVALID_ARG_VALUE'
+    });
+  [1, null, undefined, {}, []].forEach((keyData) => {
+    assert.rejects(
+      subtle.importKey('raw', keyData, {}, false, ['deriveBits']), {
+        code: 'ERR_INVALID_ARG_TYPE'
+      });
+  });
+}
+
+// Import/Export HMAC Secret Key
+{
+  async function test() {
+    const keyData = getRandomValues(new Uint8Array(32));
+    const key = await subtle.importKey(
+      'raw',
+      keyData, {
+        name: 'HMAC',
+        hash: 'SHA-256'
+      }, true, ['sign', 'verify']);
+
+    const raw = await subtle.exportKey('raw', key);
+
+    assert.deepStrictEqual(
+      Buffer.from(keyData).toString('hex'),
+      Buffer.from(raw).toString('hex'));
+
+    const jwk = await subtle.exportKey('jwk', key);
+    assert.deepStrictEqual(jwk.key_ops, ['sign', 'verify']);
+    assert(jwk.ext);
+    assert.strictEqual(jwk.kty, 'oct');
+
+    assert.deepStrictEqual(
+      Buffer.from(jwk.k, 'base64').toString('hex'),
+      Buffer.from(raw).toString('hex'));
+  }
+
+  test().then(common.mustCall());
+}
+
+// Import/Export AES Secret Key
+{
+  async function test() {
+    const keyData = getRandomValues(new Uint8Array(32));
+    const key = await subtle.importKey(
+      'raw',
+      keyData, {
+        name: 'AES-CTR',
+        length: 256,
+      }, true, ['encrypt', 'decrypt']);
+
+    const raw = await subtle.exportKey('raw', key);
+
+    assert.deepStrictEqual(
+      Buffer.from(keyData).toString('hex'),
+      Buffer.from(raw).toString('hex'));
+
+    const jwk = await subtle.exportKey('jwk', key);
+    assert.deepStrictEqual(jwk.key_ops, ['encrypt', 'decrypt']);
+    assert(jwk.ext);
+    assert.strictEqual(jwk.kty, 'oct');
+
+    assert.deepStrictEqual(
+      Buffer.from(jwk.k, 'base64').toString('hex'),
+      Buffer.from(raw).toString('hex'));
+  }
+
+  test().then(common.mustCall());
+}
+
+// Import/Export RSA Key Pairs
+{
+  async function test() {
+    const { publicKey, privateKey } = await subtle.generateKey({
+      name: 'RSA-PSS',
+      modulusLength: 1024,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      hash: 'SHA-384'
+    }, true, ['sign', 'verify']);
+
+    const [
+      spki,
+      pkcs8,
+      publicJwk,
+      privateJwk
+    ] = await Promise.all([
+      subtle.exportKey('spki', publicKey),
+      subtle.exportKey('pkcs8', privateKey),
+      subtle.exportKey('jwk', publicKey),
+      subtle.exportKey('jwk', privateKey)
+    ]);
+
+    assert(spki);
+    assert(pkcs8);
+    assert(publicJwk);
+    assert(privateJwk);
+
+    const [
+      importedSpkiPublicKey,
+      importedPkcs8PrivateKey,
+      importedJwkPublicKey,
+      importedJwkPrivateKey
+    ] = await Promise.all([
+      subtle.importKey('spki', spki, {
+        name: 'RSA-PSS',
+        hash: 'SHA-384',
+      }, true, ['verify']),
+      subtle.importKey('pkcs8', pkcs8, {
+        name: 'RSA-PSS',
+        hash: 'SHA-384',
+      }, true, ['sign']),
+      subtle.importKey('jwk', publicJwk, {
+        name: 'RSA-PSS',
+        hash: 'SHA-384',
+      }, true, ['verify']),
+      subtle.importKey('jwk', privateJwk, {
+        name: 'RSA-PSS',
+        hash: 'SHA-384',
+      }, true, ['sign']),
+    ]);
+
+    assert(importedSpkiPublicKey);
+    assert(importedPkcs8PrivateKey);
+    assert(importedJwkPublicKey);
+    assert(importedJwkPrivateKey);
+  }
+
+  test().then(common.mustCall());
+}
+
+// Import/Export EC Key Pairs
+{
+  async function test() {
+    const { publicKey, privateKey } = await subtle.generateKey({
+      name: 'ECDSA',
+      namedCurve: 'P-384'
+    }, true, ['sign', 'verify']);
+
+    const [
+      spki,
+      pkcs8,
+      publicJwk,
+      privateJwk
+    ] = await Promise.all([
+      subtle.exportKey('spki', publicKey),
+      subtle.exportKey('pkcs8', privateKey),
+      subtle.exportKey('jwk', publicKey),
+      subtle.exportKey('jwk', privateKey)
+    ]);
+
+    assert(spki);
+    assert(pkcs8);
+    assert(publicJwk);
+    assert(privateJwk);
+
+    const [
+      importedSpkiPublicKey,
+      importedPkcs8PrivateKey,
+      importedJwkPublicKey,
+      importedJwkPrivateKey
+    ] = await Promise.all([
+      subtle.importKey('spki', spki, {
+        name: 'ECDSA',
+        namedCurve: 'P-384'
+      }, true, ['verify']),
+      subtle.importKey('pkcs8', pkcs8, {
+        name: 'ECDSA',
+        namedCurve: 'P-384'
+      }, true, ['sign']),
+      subtle.importKey('jwk', publicJwk, {
+        name: 'ECDSA',
+        namedCurve: 'P-384'
+      }, true, ['verify']),
+      subtle.importKey('jwk', privateJwk, {
+        name: 'ECDSA',
+        namedCurve: 'P-384'
+      }, true, ['sign']),
+    ]);
+
+    assert(importedSpkiPublicKey);
+    assert(importedPkcs8PrivateKey);
+    assert(importedJwkPublicKey);
+    assert(importedJwkPrivateKey);
+  }
+
+  test().then(common.mustCall());
+}